Prefectura Naval Argentina´s Recommendations for Maritime Cyber Risk Management

Cyber technologies are known to be essential for the operation and management of the systems cooperating with the navigation safety, the maritime transport protection, and the marine pollution prevention. However, they can also cause certain vulnerability which might give rise to risks which need to be addressed.

By virtue of this context and the entry into force of Regulation No. 05-18 “Management Rules for the Safe Operation of Ships and for Pollution Prevention,” and in accordance with Resolution OMI – MSC.428(98), Prefectura Naval Argentina set forth that every safety management system (SMS) approved shall include cyber risk management, pursuant to the functional objectives and requirements from the International Safety Management (ISM) Code, in order to protect the maritime transport against current or emerging cyber threats and vulnerabilities, no later than the first annual verification of the Company’s Document of Compliance after January 1st, 2021.

Those functional objectives and requirements shall be simultaneous and continuous in practice, and they shall be duly introduced into a risk management framework including identification, protection, detection, and answer to those risks.

Cyber risks shall be assessed and presented to the SMS just as any other risk affecting the safe operation of the vessel and the protection of the environment.

Prefectura recommends the community of shipping and port operators to notify any cyber incident before the relevant judicial and/police body, without prejudice to the containment and mitigation tasks to be taken as per the applicable management rules of information safety. The purpose of this recommendation is to preserve the digital evidence which might be found in the affected IT equipment and is crucial and indispensable to conduct an investigation.